Cisco IOS XR Software Version 4.3.1 Susceptible to DoS Attack

Cisco announced that IOS XR Software version 4.3.1 contains a vulnerability that could result in a denial of service (DoS) condition if exploited.

Cisco IOS XR Software version 4.3.1 does not release the memory allocated for UDP packets once the UDP receive queues are full. A remote, unauthenticated attacker who floods the device with UDP packets can therefore exhaust packet memory and cause a denial of service. Only packets addressed to the device itself and destined for a listening UDP service trigger the leak; transit UDP traffic forwarded through the device does not.

A device under attack logs a depletion warning of the form:

%PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING : Depletion level <value> percent for resource PAK FSV

Only devices with at least one listening UDP service are exposed. Configurations that open such listeners include:

  • Simple Network Management Protocol (SNMP) – UDP Ports 161 and 162
  • Network Time Protocol (NTP) – UDP port 123
  • Label Distribution Protocol (LDP) – UDP port 646
  • Syslog – UDP port 514

This vulnerability affects Cisco IOS XR Software version 4.3.1 installed on any supported hardware device.
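Two checks a network team would want around this advisory are (1) spotting the depletion warning quoted above in syslog output, and (2) finding out from a device's configuration which of the listed UDP services it actually exposes. The script below is an added example, not code from Cisco or from the advisory: the syslog lines and the IOS XR configuration it scans are constructed, the timestamps and process names in them are hypothetical, and the stanza-matching patterns (snmp-server, ntp, mpls ldp, logging <host>) are a simplified assumption that matches top-level keywords only, not every syntax variant. The service-to-port mapping is the one given in the list above.

```python
"""Detect the PAKWATCH depletion warning in syslog and flag configured UDP
listeners from the advisory's list. Added example; all sample data below is
constructed, not captured from a real device."""
import re
from typing import Dict, List, Tuple

# Message format as quoted in the advisory; <value> is the depletion percentage.
DEPLETION_RE = re.compile(
    r"%PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING\s*:\s*"
    r"Depletion level (?P<level>\d+) percent for resource (?P<resource>.+?)\s*$"
)

# Constructed sample syslog lines (hypothetical timestamps and process names).
SAMPLE_SYSLOG = """\
RP/0/RSP0/CPU0:Jul 10 10:01:12.511 : pakwatch[311]: %PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING : Depletion level 60 percent for resource PAK FSV
RP/0/RSP0/CPU0:Jul 10 10:01:40.020 : config[65733]: configuration committed by user admin
RP/0/RSP0/CPU0:Jul 10 10:02:05.733 : pakwatch[311]: %PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING : Depletion level 85 percent for resource PAK FSV
RP/0/RSP0/CPU0:Jul 10 10:02:31.114 : pakwatch[311]: %PKT_INFRA-PAKWATCH-4-DEPLETION_WARNING : Depletion level 95 percent for resource PAK FSV
"""


def depletion_events(log_text: str) -> List[Tuple[int, str]]:
    """Return (level_percent, resource) for every depletion warning in the log."""
    events = []
    for line in log_text.splitlines():
        m = DEPLETION_RE.search(line)
        if m:
            events.append((int(m.group("level")), m.group("resource")))
    return events


def should_alert(events: List[Tuple[int, str]], threshold: int = 80,
                 resource: str = "PAK FSV") -> bool:
    """True if the resource reached the threshold, or if its depletion level is
    rising monotonically across three or more warnings (a flood in progress)."""
    levels = [lvl for lvl, res in events if res == resource]
    if any(lvl >= threshold for lvl in levels):
        return True
    return len(levels) >= 3 and all(a < b for a, b in zip(levels, levels[1:]))


# Top-level IOS XR stanzas that enable each service, with the UDP ports the
# advisory lists for it. Patterns are a simplified assumption: they match the
# top-level keyword only, so 'logging console' and similar do not count.
UDP_SERVICE_STANZAS: Dict[str, Tuple[str, Tuple[int, ...]]] = {
    "SNMP":   (r"^snmp-server\s", (161, 162)),
    "NTP":    (r"^ntp\b", (123,)),
    "LDP":    (r"^mpls ldp\b", (646,)),
    "Syslog": (r"^logging\s+\d", (514,)),   # 'logging <ipv4-host> ...'
}

# Constructed sample configuration (hypothetical hostname and addresses).
SAMPLE_CONFIG = """\
hostname edge-rtr-1
snmp-server community public RO
ntp
 server 192.0.2.10
!
mpls ldp
 router-id 10.0.0.1
!
logging 192.0.2.20 vrf default
logging console informational
"""


def exposed_udp_services(config_text: str) -> Dict[str, Tuple[int, ...]]:
    """Map each configured service to its UDP ports; an empty dict means none
    of the listeners from the advisory's list is enabled."""
    found: Dict[str, Tuple[int, ...]] = {}
    for line in config_text.splitlines():
        for name, (pattern, ports) in UDP_SERVICE_STANZAS.items():
            if re.match(pattern, line):
                found[name] = ports
    return found


if __name__ == "__main__":
    ev = depletion_events(SAMPLE_SYSLOG)
    print("depletion warnings:", ev, "alert:", should_alert(ev))
    print("UDP listeners in config:", exposed_udp_services(SAMPLE_CONFIG))
```

Run it against an exported syslog file and a saved running-config to see both the symptom and the exposure side by side; the rising-trend rule in should_alert fires before the fixed threshold is reached, which matters because the leak only grows while the flood continues.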

Cisco has released free software updates that address this vulnerability. For more information see Cisco’s security advisory.
